Tag Archives: fraud reporting

Confidential Sources & Informants

There has been much in the news recently concerning the confidential sources and informants involved in current Federal on-going criminal and non-criminal investigations.  During the more complex of our examinations, we, as practicing fraud examiners and forensic accountants, can also expect to encounter the same types of sources and informants. Both sources and informants serve the same purpose, to provide information helpful in the development of a case. However, there are notable differences between confidential sources and confidential informants; the two terms should not be used interchangeably.

A confidential source furnishes information simply consequent on being a member of an occupation or profession and has no culpability in the alleged offense. For example, confidential sources might include barbers, attorneys, accountants, and law enforcement personnel. A confidential informant on the other hand has a direct or indirect involvement in the matter under investigation, and s/he might (incidentally) also be culpable. The distinction between the two sources is their involvement or noninvolvement in the offense. As every CFE knows, informants can pose treacherous legal issues for the fraud examiner.

There is no question that information provided by a well-placed informant can be invaluable to any case; secretly photographed or recorded conversations provided by an informant are the most convincing type of evidence. This information is generally viewed as something the use of which is sure to be successful for a criminal prosecutor, because there is little that a white-collar criminal can dispute when caught red-handed in the fraudulent act.

The ACFE identifies several types of informants with which a CFE might expect to become directly or indirectly involved: the basic lead, the participant, the covert, and the accomplice/witness.

—Basic Lead Informants. This type of informant supplies information to the investigator about illicit activities that they have encountered. The reasons that the informant decides to supply information are varied; some informants simply want to “do their part” to stop an unscrupulous activity, while others are interested in harming the criminals against whom they are informing. For instance, many informants in drug, prostitution, or illegal gambling endeavors are involved in those activities as well and intend to eliminate some of their competition. Whatever the reason, these informants’ only role in an investigation is to supply useful information.

—Participant informants.  The participant informant is directly involved in gathering preliminary evidence in the investigation. The informant in this instance not only supplies an investigation with information, but the informant is also involved in setting up a “sting” operation, initiating contact with the criminal for arrest purposes. A participant informant is just what the name suggests, a participant in the investigation of criminal activity.

—Covert informants. A covert informant also supplies information on criminal behavior to an investigator or to authorities. The difference between covert informants and other types of informants is that a covert informant is one who has been embedded in a situation or scenario for a period, sometimes for years, and is called upon only sporadically for newly uncovered information (i.e., tip-offs) and leads. These types of informants are often referred to as moles because of the nature of their insulated situation as inside sources. There are two instances in which covert informants are commonly used: in organized crime and in hate-extremist group investigations. Covert informants are often culled to get information about upcoming criminal activities by such groups.

—Accomplice/witness informants. The accomplice/witness informant is often called upon to provide information concerning criminal activity. Unlike other types of informants, the accomplice/witness informant seeks to avoid prosecution for an offense by providing investigators with helpful information. For example, the government might promise leniency if the accomplice/witness informant offers details about a co-conspirator.

There are three essential procedures for the investigator to keep in mind and follow when using sources and informants. First, strive to keep the informant’s identity as confidential as possible. Second, independently verify the information provided by the source or informant. Third, develop witness and documentary evidence from independently verified information. For example, an informant might indicate that an investigative target committed fraud. If the fraud examiner subsequently conducts an interview and gets a confession out of the target, the information is no longer dependent on the informant’s claim.

If the confidential source or informant has provided documents, names of potential witnesses, or other evidence, all reasonable steps must be taken to protect the identity of that source. Care should be taken to ensure that the questioning of other witnesses is done in a manner that does not reveal its origin. This can usually be accomplished by phrasing questions in a certain way. For example, Smith furnished confidential information about Jones, the co-owner of Jones Brothers Construction Company. When the fraud examiner confronts Jones, she does not want him to know that she has talked to Smith.

If necessary, in this example, the fraud examiner would display the evidence from witnesses and documents that would not reveal the source or informant’s identity. The information from the source or informant is basically useless unless the fraud examiner can verify its authenticity and independently corroborate it. Suppose a source furnishes the fraud examiner with copies of documents showing that Jones Brothers Construction Company’s building code violations dropped by 80 percent since a bribery arrangement allegedly began. This kind of evidence would corroborate the source’s story. If a source told the fraud examiner that Jones frequently had drinks with Walters, the city’s chief building inspector, the fraud examiner would want to find out some way to verify this information. Recall that the third objective when using sources is to develop the witness’s information and other evidence so that it makes a cohesive case.

Fraud examiners should make every effort to develop and cultivate a wide range of sources. Business and financial institution executives, law enforcement and other governmental personnel, medical and educational professionals, and internal and external auditors are always good contacts for practicing fraud examiners.

The fraud examiner should strive to make contacts in her community, well in advance of needing the information they can provide; my contacts on LinkedIn and in the Central Virginia ACFE Chapter have proven their investigative value again and again!  If the fraud examiner receives an allegation and needs confidential information, s/he might obtain assistance from a source cultivated earlier.  Additionally, we need sources to feel confident that they can share information with us without being compromised. In theory, the source will never have to testify; s/he has no firsthand knowledge. Firsthand information comes either from a witness or from a document.

The fraud examiner might also encounter new sources when tracking leads during a specific investigation. S/he might interview a stockbroker from whom the target purchased stock but who does not want his identity revealed. The fraud examiner shou1d not encourage a person to provide confidential information, but rather try to get verifying reports on the record. But if the fraud examiner promises confidentiality for a source’s information, she must abide by that promise.

The ACFE advises that active recruitment of informants is generally not desirable because doing so might appear unseemly to a jury. It is better to encourage an informant to come forward. It is also desirable to develop an informant relationship, but such relationships must be handled carefully. The fraud examiner must be careful to clearly document the adequate predication for an informant’s involvement. Generally, the most fundamental questions concerning informants will focus on the degree of their culpability or the lack of it. There have been cases where the informant is guiltier than the target; in such cases the court might rule that the informant’s information cannot be introduced.

Finally, it’s recommended that all contact with informants and-sources be reported on a memorandum, although the confidential source or informant’s identity should not be included in the report. Instead of including the source or informant’s identity, the fraud examiner should use symbols to denote the source’s identity. It is further recommended that sources be preceded with an “S,” followed by a unique identifier (i.e., source #1 would be “S-l”; source #2 would be “S-2”). The symbols for informants would then be “I-1” and “I-2.”

Generally, disclosure of the identities of sources and informants should be on a strict need to-know basis. For that reason, the person’s identity should be maintained in a secure file with limited access, and it should be cross-indexed by the source’s symbol number. The reliability of the source, if known, and whether the person can furnish relevant information should always be documented in writing.

Tailoring Difficult Conversations

We CFE’s and forensic accountants, like other investigative professionals, are often called upon to be the bearers of bad news; it just goes with the territory.  CFE’s and forensic accountants are somewhat unique, however, in that, since fraud is ubiquitous, we’re called upon to communicate negative messages to such a diverse range of client types; today the chairman of an audit committee, tomorrow a corporate counsel, the day after that an estranged wife whose spouse has run off after looting the family business.

If there is anything worse than getting bad news, it may be delivering it. No one relishes the awkward, difficult, anxiety-producing exercise of relaying messages that may hurt, humiliate, or upset someone with whom the deliverer has a professional relationship. And, what’s more,  it often proves a thankless task. This was recognized in a Greek proverb almost 2,500 years ago, “Nobody loves the messenger who brings bad news.”

Physicians, who are sometimes required to deliver worse news than most CFE’s ever will, often engage in many hours of classwork and practical experience studying and role-playing how to have difficult conversations with patients and their families They know that the message itself, may be devastating but how they deliver it can help the patient and his or her family begin to process even the most painful facts.   CFE’s are in the fortunate position of typically not having to deliver news that is quite so shattering.  Nevertheless, there is no question that certain investigative results can be extremely difficult to convey and to receive.  The ACFE tells us that learning how to prepare for and deliver such messages can create not only a a better investigator but facilitate a better investigative outcome.

Preparation to deliver difficult investigative results should begin well in advance, even before there is such a result to deliver. If the first time an investigator has a genuine interaction with the client is to confirm the existence of a fraud, that fact in itself constitutes a problem.  On the other hand, if the investigator has invested time in building a relationship before that difficult meeting takes place, the intent and motivations of both parties to the interaction are much better mutually understood. Continuous communication via weekly updates to clients from the moment irregularities are noted by examination is vital.

However, despite best efforts in building relationships and staying in regular contact with clients, some meetings will involve conveying difficult news. In those cases, preparation is critical to accomplishing objectives while dealing with any resultant fallout.  In such cases, the ACFE recommends focusing on investigative process as well as on content. Process is professionally performing the work, self-preparation for delivering the message, explaining the conclusions in meaningful and realistic ways, and for anticipating the consequences and possible response of the person receiving the message. Content is having the right data and valid conclusions so  the message is correct and complete.

Self-preparation involves considering the type of person who is receiving the difficult message and in determining the best approach for communicating it. Some people want to hear the bottom line first and the supporting information after that; others want to see a methodical building of the case item by item, with the conclusion at the end. Some are best appealed to via logic; others need a more empathetic delivery. Discussions guided by the appropriate approach are more likely to be productive. Put as much effort as possible into getting to know your client since personality tends to drive how he or she wants to receive information, interact with others, and, in turn, values things and people. When there is critical investigative information that has to be understood and accepted, seasoned examiners consider delivery tailored specifically to the client to be paramount.

Once the ground work has been laid, it’s time to have the discussion. It’s important, regarding the identified fraud, to remember to …

–Seek opportunities to balance the discussion by recognizing the client’s processes that are working well as well as those that have apparently failed;

–Offer to help or ask how you can help to address the specific issues raised in the discussion;

–Make it clear that you understand the client’s challenges. Be precise and factual in describing the causes of the identified irregularity;

–Maintain open body language. Avoid crossing your arms, don’t place your hands over your mouth or on your face, and keep your palms facing each other or slightly upwards instead of downwards. Don’t lean forward as this appears extra aggressive. Breathe deeply and evenly. If possible, mimic the body language of the message recipient, if the recipient is remaining calm. If the recipient begins to show signs of defensiveness or strong aggression, and your efforts to calm
the situation are not successful, you might suggest a follow-up meeting after both of you have digested what was said and to consider mutually acceptable options to move forward.

–Present the bottom-line message three times in different ways so your listener has time to absorb it.

–Let the client vent if he or she wishes. The ACFE warns against a tendency to interrupt the client’s remarks of explanation or sometimes of denial; “we don’t hire people who would do something like that!” Allowing the client time to vent frees him or her to get down to business moving afterward.

–Focus on problems with the process as well as on the actions of the suspect(s) to build context for the fraud scenario.

–Always demonstrate empathy. Take time to think about what’s going through your hearer’s mind and help him or her think through the alleged scenario and how it occurred, what’s going to happen next with the investigation, and how the range of issues raised by the investigation might be resolved.

Delivering difficult information is a minefield, and there are ample opportunities to take a wrong step and see explosive results. Emotional intelligence, understanding how to read people and relate to them, is vital in delivering difficult messages effectively. This is not an innate trait for many people, and it is a difficult one to learn, as are many of the other so-called soft skills. Yet they can be critical to the successful practice of fraud examination. Examiners rarely get in trouble over their technical skills because such skills are generally easier for them to master.  Examiners tend to get in trouble over insufficient soft skills. College degrees and professional certifications are all aimed at the technical skills. Sadly, very little is done on the front end to help examiners with the equally critical soft skills which only arise after the experience of actual practice.  For that reason, watching a mentor deliver difficult messages or deal with emotional people is also an effective way to absorb good practices. ACFE training utilizes the role-playing of potentially troublesome presentations to a friendly group (say, the investigative staff) as another way to exercise one’s skills.

Delivering bad news is largely a matter of practice and experience, and it’s not something CFEs and forensic accountants have the choice to avoid. At the end of the day, examiners need to deliver our news verbally and in writing and to facilitate our clients understanding of it. The underlying objective is to ensure that the fact of the alleged fraud is adequately identified, reported and addressed, and that the associated risk is understood and effectively mitigated.

Write & Wrong

It’s an adage in the auditing world that examination results that can’t be effectively communicated might as well not exist.  Unlike a financial statement audit report, the CFE’s final report presents a unique challenge because there is no standardized format. Our Chapter receives more general inquiries from new practitioners about the form and content of final examination reports than about almost any other topic.

Each fraud investigation report is different in structure and content, depending on the nature and results of the assignment and the information that needs to be communicated, as well as to whom the results are being directed. To be effective, therefore, the report must communicate the findings in an accurate and concise form. Corporate counsel, law enforcement, juries, an employing attorney and/or the audit committee and management of the victimized organization must all be able to delineate and understand the factual aspects of the fraud as well as the related risks and control deficiencies discovered so that appropriate actions can be taken timely. Thus, the choice of words used and the tone of the CFE’s final report are as important as the information presented within it. To help ensure their reports are persuasive and bring positive results, CFEs should strive to keep them specific, meaningful, actionable, results oriented, and timely.

Because the goal of the final report is to ensure that the user can interpret the results of the investigation or analysis with accuracy and according to the intentions of the fraud examiner or forensic accountant, the report’s tone and structure are paramount. The report should begin by aligning issues and recommendations with applicable ACFE and with any other applicable professional standards and end with results that are clearly written and timely presented. To ensure quality and accuracy, there are some basic guidelines or ground rules that authorities recommend should be considered when putting together a final report that adds value.

The CFE should consider carefully what specifically to communicate in the report, including the conditions, cause, effect, and “why” of each of the significant fraud related facts uncovered.  Fraud investigators should always identify and address issues in a specific context rather than in broad or general terms. For example, stating that the fraud resulted from weaknesses in the collection and processing of vendor payment receipts is too broad. The report should identify the exact circumstances and the related control issues and risk factors identified, the nature of the findings, an analysis of the specific actions constituting the fraud and some discussion (if the CFE has been requested to do so) of possible corrective actions that might be taken.

To force the writing toward more specificity, each paragraph of the report should express only one finding, with major points enumerated, or bulleted, and parallel structure should be used for each itemized statement of a listing of items. Further, the most important findings should be listed in the first sentence of a paragraph. Once findings are delineated, the explanatory narration of facts aligned to each finding should be presented. Being specific means leaving nothing to the
user’s interpretation beyond that which is intended by the writer.  Another way to achieve specificity is to align the writing of the report to an existing control framework like the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) internal control or risk management frameworks. When issues are aligned with existing standards or to a framework, it can be easier for the CFE to explain the weaknesses in the client’s control environment that made the fraud possible.

The question to be answered is: Can the client(s) readily tell what the issues are by reading the investigative report alone? If the answer is “no,” how will they satisfactorily address areas the client will eventually deem important in moving forward toward either remediation or possible prosecution? This aspect of the writing process requires the practitioner to, first, identify to whom the final report is specifically directed and, second, determine what is to be communicated that will add value for the client. For example, the report may a communication to an employing attorney, to corporate counsel, to the client’s management or audit committee or to all three. What are their expectations? Is the report the result of a routine investigation requested by client management of possible accounts payable fraud or a special investigation to address a suspected, specifically identified fraud? The answer to these and related questions will help determine the appropriate technical level and tone for the report.

When there are different readers of the report, the process necessarily becomes more complex under the necessity to meet the expectations, understandings and eventual usages of all the parties. Finding the right words to address the identified fraud related facts in a positive tone, especially when client conditions surrounding the fraud are sometimes sensitive or at least not favorable, is crucial to making the report meaningful as well as persuasive. The investigative findings must be clear and logical. If the reported results are understood and meaningful actions that add value to the position of the various users are taken because of the findings, then the purpose and meaning of the CFE’s report (and work) will be realized.

What about investigative situations in which the CFE or forensic accountant is asked to move beyond a straight-forward presentation of the facts and, as an expert on fraud and on fraud prevention, make recommendations as to corrective actions that the client might take to forestall the future commission of frauds similar to those dealt with in the final report? In such cases (which are quite common, especially with larger clients), the final report should strive to demonstrate to the extent possible the capacity of the entity to implement the recommendations the CFE has included in the report and still maintain an acceptable level of operation.  To this end, the requested recommended actions should be written in a way that conveys to management that implementing the recommendations will strengthen the organization’s overall fraud prevention capability. The writing, as well as the complexity of the corrective action, should position the client organization to implement recommendations to strengthen fraud prevention. The report should begin with the most critical issue and progress to the least important and move from the easiest recommended corrective steps to the most difficult, or to the sequence of steps to implement a recommendation. The cost to correct the fraud vulnerability should be
apparent and easily determined in the written report. Additionally, the report should provide management with a rubric to evaluate the extent to which a deficiency is corrected (e.g., minimally corrected, fully corrected). Such a guide can be used to gauge the fraud prevention related decisions of management and serve as a basis for future fraud risk assessments.

Developing the CFE’s final report is a process that involves four stages: outlining, drafting, revising, and editing. In the outlining stage, the practitioner should gather and organize the information so that, when converted to a report, it is easy for the reader to follow. This entails reviewing the working papers and making a list of the fraud related facts to be addressed and of their related chronologies. These should be discussed with the investigative team (if any) and the
client attorney, if necessary, to ensure that there is a clear understanding of the underlying facts of the case. Any further work or research should be completed at this stage. This process may be simple or complicated, depending on the extent of the investigation, the unit or operation that is under examination, and the number of fraud related facts that must be addressed.

Once all information has been gathered, the next stage is writing the draft of the report. In completing the draft, concise and coherent statements with sufficient detail should enable the reader to understand the chronology and related facts of the fraud, the fraud’s impact on operations, and the proposed corrective actions (if requested by the client). After completing the draft, revisions may be necessary to make sure that the evidence supports the results and is written in a specific context.

The final stage involves proofreading and editing for correct grammar, sentence structure, and word usage to ensure that the facts and issues related to the fraud are effectively and completely presented and that the report is coherent. Reviewers should be used at this stage to give constructive feedback. Several iterations may be necessary before a final report is completed.

In summary, the CFE’s final report should be designed to add value and to guide the client organization’s subsequent steps to a satisfactory overall fraud response and conclusion. If the CFE’s report is deficient in communicating results, critical follow-on steps requiring immediate action may be skipped or ignored. This can be costly for any company in lost opportunities for loss recoveries, botched prosecutions and damaged reputation.

A CDC for Cyber

I remember reading somewhere a few years back that Microsoft had commissioned a report which recommended that the U.S. government set up an entity akin to its Center for Disease Control but for cyber security.  An intriguing idea.  The trade press talks about malware and computer viruses and infections to describe self -replicating malicious code in the same way doctors talk about metastasizing cancers or the flu; likewise, as with public health, rather than focusing on prevention and detection, we often blame those who have become infected and try to retrospectively arrest/prosecute (cure) those responsible (the cancer cells, hackers) long after the original harm is done. Regarding cyber, what if we extended this paradigm and instead viewed global cyber security as an exercise in public health?

As I recall, the report pointed out that organizations such as the Centers for Disease Control in Atlanta and the World Health Organization in Geneva have over decades developed robust systems and objective methodologies for identifying and responding to public health threats; structures and frameworks that are far more developed than those existent in today’s cyber-security community. Given the many parallels between communicable human diseases and those affecting today’s technologies, there is also much fraud examiners and security professionals can learn from the public health model, an adaptable system capable of responding to an ever-changing array of pathogens around the world.

With cyber as with matters of public health, individual actions can only go so far. It’s great if an individual has excellent techniques of personal hygiene, but if everyone in that person’s town has the flu, eventually that individual will probably succumb as well. The comparison is relevant to the world of cyber threats. Individual responsibility and action can make an enormous difference in cyber security, but ultimately the only hope we have as a nation in responding to rapidly propagating threats across this planetary matrix of interconnected technologies is to construct new institutions to coordinate our response. A trusted, international cyber World Health Organization could foster cooperation and collaboration across companies, countries, and government agencies, a crucial step required to improve the overall public health of the networks driving the critical infrastructures in both our online and our off-line worlds.

Such a proposed cyber CDC could go a long way toward counteracting the technological risks our country faces today and could serve a critical role in improving the overall public health of the networks driving the critical infrastructures of our world. A cyber CDC could fulfill many roles that are carried out today only on an ad hoc basis, if at all, including:

• Education — providing members of the public with proven methods of cyber hygiene to protect themselves;
• Network monitoring — detection of infection and outbreaks of malware in cyberspace;
• Epidemiology — using public health methodologies to study digital cyber disease propagation and provide guidance on response and remediation;
• Immunization — helping to ‘vaccinate’ companies and the public against known threats through software patches and system updates;
• Incident response — dispatching experts as required and coordinating national and global efforts to isolate the sources of online infection and treat those affected.

While there are many organizations, both governmental and non-governmental, that focus on the above tasks, no single entity owns them all. It is through these gaps in effort and coordination that cyber risks continue to mount. An epidemiological approach to our growing technological risks is required to get to the source of malware infections, as was the case in the fight against malaria. For decades, all medical efforts focused in vain on treating the disease in those already infected. But it wasn’t until epidemiologists realized the malady was spread by mosquitoes breeding in still pools of water that genuine progress was made in the fight against the disease. By draining the pools where mosquitoes and their larvae grow, epidemiologists deprived them of an important breeding ground, thus reducing the spread of malaria. What stagnant pools can we drain in cyberspace to achieve a comparable result? The answer represents the yet unanswered challenge.

There is another major challenge a cyber CDC would face: most of those who are sick have no idea they are walking around infected, spreading disease to others. Whereas malaria patients develop fever, sweats, nausea, and difficulty breathing, important symptoms of their illness, infected computer users may be completely asymptomatic. This significant difference is evidenced by the fact that the overwhelming majority of those with infected devices have no idea there is malware on their machines nor that they might have even joined a botnet army. Even in the corporate world, with the average time to detection of a network breach now at 210 days, most companies have no idea their most prized assets, whether intellectual property or a factory’s machinery, have been compromised. The only thing worse than being hacked is being hacked and not knowing about it. If you don’t know you’re sick, how can you possibly get treatment? Moreover, how can we prevent digital disease propagation if carriers of these maladies don’t realize they are infecting others?

Addressing these issues could be a key area of import for any proposed cyber CDC and fundamental to future communal safety and that of critical information infrastructures. Cyber-security researchers have pointed out the obvious Achilles’ heel of the modern technology infused world, the fact that today everything is either run by computers (or will be) and that everything is reliant on these computers continuing to work. The challenge is that we must have some way of continuing to work even if all the computers fail. Were our information systems to crash on a mass scale, there would be no trading on financial markets, no taking money from ATMs, no telephone network, and no pumping gas. If these core building blocks of our society were to suddenly give way, what would humanity’s backup plan be? The answer is simply, we don’t now have one.

Complicating all this from a law enforcement and fraud investigation perspective is that black hats generally benefit from technology long before defenders and investigators ever do. The successful ones have nearly unlimited budgets and don’t have to deal with internal bureaucracies, approval processes, or legal constraints. But there are other systemic issues that give criminals the upper hand, particularly around jurisdiction and international law. In a matter of minutes, the perpetrator of an online crime can virtually visit six different countries, hopping from server to server and continent to continent in an instant. But what about the police who must follow the digital evidence trail to investigate the matter?  As with all government activities, policies, and procedures, regulations must be followed. Trans-border cyber-attacks raise serious jurisdictional issues, not just for an individual police department, but for the entire institution of policing as currently formulated. A cop in Baltimore has no authority to compel an ISP in Paris to provide evidence, nor can he make an arrest on the right bank. That can only be done by request, government to government, often via mutual legal assistance treaties. The abysmally slow pace of international law means it commonly takes years for police to get evidence from overseas (years in a world in which digital evidence can be destroyed in seconds). Worse, most countries still do not even have cyber-crime laws on the books, meaning that criminals can act with impunity making response through a coordinating entity like a cyber-CDC more valuable to the U.S. specifically and to the world in general.

Experts have pointed out that we’re engaged in a technological arms race, an arms race between people who are using technology for good and those who are using it for ill. The challenge is that nefarious uses of technology are scaling exponentially in ways that our current systems of protection have simply not matched.  The point is, if we are to survive the progress offered by our technologies and enjoy their benefits, we must first develop adaptive mechanisms of security that can match or exceed the exponential pace of the threats confronting us. On this most important of imperatives, there is unambiguously no time to lose.

Asked and Answered

Some months ago, I was involved as a member of an out-of-town fraud examination team during which the question of note taking during an investigative interview arose. A younger member of the team (a junior internal auditor) wanted to know about approaches to the documentation of not just one, but possibly of the several prospective interview sessions it initially appeared might be necessary regarding the examination.

As the ACFE tells us, notes, whether handwritten or recorded, always send an unambiguous signal to the subject that the interviewer is memorializing his or her comments. Interviews without notes are significantly limited in their value and may even signal to the interview subject that it may later be just a question of her word against the interviewer’s. If the interviewer takes only cryptic or shorthand notes and later reviews those notes with the subject to confirm what was said, the interviewer should recognize that the notes, while confirmed and edited to a certain extent, will still be less than complete.

On the other hand, tape recording an interview is a significant obstacle to full cooperation. People are reluctant to be recorded. For the most part, the use of tape recorders to take notes is not recommended in situations involving a potential fraud. Most subjects will resist the use of recorders and, even in circumstances where the subject may have agreed to their use, their responses will be more guarded than if a recorder was not used. If a recorder is used, be sure to begin the taping by recording the date, time, names of the individuals present, and an acknowledgment by the subject that they know the interview is being recorded and they have agreed to be recorded.

Once the interviewer has determined how s/he will document the interview, s/he should ask the subject if it is okay to take notes or record the session. It is the polite and professional thing to do and it serves two purposes:

–It is part of the process by which the subject is encouraged to be a participant;
–If the subject balks or tells the interviewer she does mind that the interviewer takes notes, it can open a line of questioning by the interviewer to determine the exact cause of the subject’s objections;

The subject should always be advised that note taking is critical to the integrity of the process and that notes ensure that what the subject says is documented properly. Failure to take notes limits the information to the memory and interpretation of the interviewer.  In a professional setting, most subjects will understand the critical nature of notes. Very few people will say it is not all right to take notes, regardless of how they feel about it. If they are absolutely opposed to the taking of notes, find out why and concentrate on what the subject says and reduce the interview to notes as quickly as possible after the interview. With a hostile subject who opposes note taking, the interviewer can ask if it is okay for her to make selected notes regarding dates or things the interviewer might not remember later. The interviewer can explain that it is important that s/he understand the subject’s position or communication correctly. If the subject is still adamant about the interviewer not taking notes, it should be documented in the interviewer’s report.

As the fraud interviewer develops his or her interviewing skill set, s/he should concentrate on taking verbatim notes which, among other things, include, at a minimum, nouns, pronouns, and verbs. Some practitioners recommend that the interviewer not attempt to write everything down. The argument is that, in doing so, the interviewer will not have an opportunity to observe the subject’s nonverbal communications.

The generally accepted recommendation is, therefore, where feasible, that the interviewer take down verbatim as much of what the subject says as is possible. This includes repeated words and parenthetical comments. This practice allows the interviewer to later review what the subject said as opposed to what the interviewer thought the subject said. Note taking also provides additional documentation of what the subject is communicating and (when reviewed after the fact in the light of additional knowledge) of what the subject has excluded.

During the act of taking notes, the interviewer should exercise caution. Taking notes intermittently can signal to the subject that the interviewer takes notes only when the information is important. Conversely, if, during the interview, a very sensitive area is broached, or if the subject indicates that s/he is uncomfortable with an area or issue, the interviewer can put her pencil down, lean forward, establish good eye contact, and listen to the subject. The simple suspension of note taking may place the subject at ease. As soon as the interview moves to a less sensitive area, the interviewer should try to reduce the previously mentioned sensitive area to notes. If the subject associates note taking with core interview information, the subject may interpret continued note taking as encouragement to continue talking.

The interviewer should not write down interpretive comments while taking notes. The interviewer should however make notes, where appropriate, in cases where verbal and
nonverbal indications of both resistance or cooperation are found.

The interviewer should always take notes with the possibility in mind that the notes may be subjected to third party scrutiny. This scrutiny may extend to opposing counsel in the event of litigation. The interviewer’s notes may or may not be privileged materials. With this in
mind, the interviewer should consider the following:

–Begin each separate set of interview notes on a clean page;
–Identify the date, time, and place of the interview and all the individuals present at the interview;
–Obtain as much background data on the subject as possible, including telephone numbers, and identify means of contacting him or her, including alternate numbers for family and friends;
–Initial and date the notes;
–Document the interviewer’s questions;
–Take verbatim notes if possible. Concentrate, but do not limit notes of the subject’s responses to:
• Nouns
• Pronouns
• Verb tense
• Qualifiers
• Indicators of responsibility, innocence, or guilt
–Do not document conclusions or interpretations;
–Report any unusual change in body language in an objective manner. Document the changes in body language and tone, if applicable, in conjunction with notes of what the subject or interviewer said at the time the body language or tone changed;
–At the conclusion of the interview, review the notes with the subject to confirm what the subject has said.

Finally, following the interview, your notes should be reproduced in printed form as quickly as possible.  Enough cannot be said for the value of a well-documented set of interview notes for every aspect of a subsequent investigation; their presence or absence can make or break your entire case.

The Facts Speak for Themselves

fact-findingOne of the most frequent topics our Chapter receives questions about from new members and from our on-line guests concerns the documenting and reporting of investigative results.  What types of reports do fraud examiners and forensic accountants typically produce based on what types of documentation? What should be included in the various types of documentation and reports and what should be avoided?

The ACFE tells us that documenting an investigation is as important as performing it. A poorly documented case file can lead to a disappointing conclusion, a dissatisfied client, and can even damage the investigator’s reputation. Various means by which the fraud examiner or forensic accounting investigator may report her findings have been established by over two decades of practice.  The form of the report, whether oral or written, is always a matter to be discussed with the client and with counsel. While it’s not the responsibility of the fraud examiner to advise on the legal perils associated with various forms of reporting, there are certain issues of which new investigators should be aware as their clients debate the form of reporting that will conclude the investigator’s examination.

The ACFE suggests that practitioners try to determine at the outset whether a written report is expected and, if so, its form and timing. In the usual circumstance that this point can’t be decided at the inception of the engagement, the examiner should conduct the investigation in a manner that will facilitate a comprehensive oral report, including the key documents and any exhibits necessary to illustrate the findings. Many investigations begin small, but there’s no way to know with certainty where they will lead and what will be required at the conclusion. Although the client may not have requested a report at the outset of the investigation, some event during the investigation may change the client’s mind, and the investigator should to be prepared to respond. For example, you may determine during an investigation that an officer of the company violated a law or regulation, thereby requiring the company to consider self-reporting and possibly

bringing a civil action against the officer and other third parties. Alternatively, you may be subpoenaed for your part in an investigation that has captured the attention of regulatory agencies or law enforcement. While you can testify only as to what procedures you recall performing and the attendant findings, your client, and your own reputation, will be better served if you always have through and proper documentation. Try to perform an investigation as if you might be asked later to report formally on your findings and on the exact procedures performed.

Members also ask about the types of reports.  The most common reports are:

Written reports

  • Report of investigation. This form of written report is given directly to the client, which may be the company’s management, board, audit committee of the board, in-house counsel or outside counsel. The report should stand on its own; that is, it should identify all the relevant evidence that was used in concluding on the allegations under investigation. This is important because the client may rely on the report for various purposes such as corporate filings, lawsuits, employment actions, or alterations to procedures and controls.
  • Expert report filed in a civil court proceeding. The American Institute of Certified Public Accountants (AICPA) publishes an excellent practice aid on the full range of expert reports.
  • Affidavits. These are voluntary declarations of facts and are communicated in written form and sworn to by the witness (declarant) before an officer authorized by the court.
  • Informal reports. These consist of memos to file, summary outlines used in delivery of an oral report, interview notes, spreadsheets listing transactions along with explanatory annotations, and other less-formal written material prepared by the investigation team.

Oral reports

  • Oral reports are usually delivered by the investigation engagement leader to those overseeing an investigation, such as a company’s board, or to those who represent the company’s interests, such as outside counsel.
  • Oral reports involve giving a deposition, as a fact witness or expert witness, during which everything that is said, by all parties to the deposition, is transcribed by a court reporter.

Reports documenting an investigation differ considerably from audit opinions issued under generally accepted auditing standards (GAAS). The investigative report writer is not constrained by the required language of a governing standard, and investigative reports differ from one another in organization and content depending on the client’s stated needs. In contrast, financial audit reports adhere to set formula prescribed by GAAS. The uses of written reports also differ. The client could do any of the following things with an investigative report:

  • Distribute the report to a select group of individuals associated with the company in various capacities;
  • Voluntarily give the report to a prosecutor as a referral for prosecution;
  • Enter the report as evidence in a civil fraud proceeding;
  • Give the report to outside counsel for use in preparing regulatory findings, entering negotiations, or providing other legal services on behalf of the company.

However the client decides to use the report, its basic elements usually include the following organizaton:

  • Identify your client;
  • In the case of a lawsuit, identify the parties;
  • State in broad terms what you were asked to do;
  • Describe your scope, including the period examined;
  • Include mention of any restriction as to distribution and use of the report;
  • Identify the professional standards under which the work was conducted;
  • Identify exclusions in the reliance on your report (the report is not a financial audit, etc.);
  • State that your work should not be relied on to detect all fraud;
  • Include the procedures you performed, technical pronouncements relied upon, and findings.

Although a summary can be helpful to the reader it may be perilous for the report writer in terms of keeping critical information and perspectives intact. Caution is advised when preparing two types of summary sections: executive summary and conclusion.  If you do write a summary, be careful not to offer an opinion on the factual findings unless specifically requested to do so by the client. The facts should speak for themselves.

It may be appropriate to include in a concluding section of the Report of Investigation certain recommendations for additional investigative procedures or a description of control breakdowns you have observed. Also, a carefully written executive summary at the beginning of the report can be extremely helpful to the reader, especially when it precedes a long and complex report. The executive summary should offer in simple, straightforward language an accurate statement of significant findings. Each summarized finding should include a reference to the full description of findings included in the complete Report of Investigation.

Fraud examination reports are powerful tools which can assist client management in a myriad of ways but, like anything else, if ineptly prepared, represent a minefield for the beginning practitioner.

Of Estimates, Errors & Fraud

fraud-warningThere was a local case of embezzlement in the news last week in which the suspected perpetrator claimed that a number of her seemingly fraudulent transactions, as identified by her company’s external auditors, were in reality ‘mistakes’ (mostly either accounting or estimating errors) or, in other cases, just simple missteps occasioned by ignorance of her company’s accounting policies. Somewhat surprisingly, this all too common defense seemed to cast some doubt, at least from the newspaper’s point of view, on the overall propriety of the entire prosecution. For me, the case brought to mind, on one hand, the differing roles of external auditors and forensic accountants and, on the other, the often critical role played in investigations by the introduction of the foggy elements of accounting estimates, simple errors and ignorance.

Unlike the external auditors in this case, the forensic accounting investigator’s concern is not limited to reaching a general opinion on financial statements taken as a whole, derived from reasonable efforts within a reasonable materiality boundary. Instead, the forensic accounting investigator’s concern is, at a much more granular level, with the detailed development of factual information—derived from both documentary evidence and testimonial evidence—about the who, what, when, where, how, and why of a specific, suspected or known impropriety.  In my opinion, it’s the lack of such investigative granularity in the follow-up to the simple discovery of the individual fraud by the auditors in this recent case that resulted in the ‘ambiguity’ expressed by the newspaper.

The auditors discovered the suspected fraud through their routine sampling procedures, which predication of the existence of an impropriety would have furnished the starting point for the work of a forensic accountant had one been called in. Think of it like the relationship between the accountant and the financial analyst.  The financial analyst’s work typically begins when that of the accountant ends; the audited financial statements are the foundation on which the work of the financial analyst rests.  So too do discoveries of improprieties by auditors often lead to a subsequent investigative hand off to forensic investigators.  The forensic investigator starts by seeking and examining all relevant evidence concerning the particular case made available, not only by the auditors, but by all the concerned parties.  Based on the investigative findings, the forensic accounting investigator then assesses and measures losses or other forms of damage to the organization and recommends and implements corrective actions, often including changes in accounting processes and policies and/or personnel actions. In addition, the forensic accounting investigator assists management in taking preventive actions to eliminate recurrence of the problem. In contrast to the external auditors, the forensic accounting investigator’s more complete findings and recommendations may form the basis of testimony in litigation proceedings or criminal actions against the perpetrators. They may also be used in testimony to government agencies such as the Securities and Exchange Commission in the United States or the Serious Fraud Office in the United Kingdom. Accordingly, the scope of the investigation and the evidence gathered and documented must be capable of withstanding challenges that may be brought by adversely affected parties on both sides of the prosecution or by skeptical regulators.

Clearly, there are many commonalities between auditing and forensic accounting which, at best , can support the formation of a close working partnership. Both rely on:

  • Knowledge of the industry and the company, including its business practices and processes;
  • Knowledge of the generally accepted accounting principles of the jurisdiction in question;
  • Interpretation of business documents and records;
  • Independence and objectivity—perhaps the most important commonality.

The foggy nature of estimates and errors arises in financial transactions and statements due to the continuous nature of business. Unlike a footrace that ends at the finish line or an athletic contest that ends with the final buzzer, a business and its transactions are continually in varying stages of completion. There are many items in a financial statement for which the final outcome is not known with precision. Given the complexity and continuity of business, it’s difficult to capture a clear snapshot of a company’s financial position and performance at a random point in time. As a general matter, estimates are most commonly made concerning the final amounts of cash that will be received or paid once assets or liabilities are finally converted into cash. Such estimates can encompass, for example, allowances for uncollectible customer receivables, estimates of liabilities for claims or lawsuits brought against a company, the amount of profit or loss on a long-term contract, and the salability of inventory that is past its prime. Most estimates are based on three types of information: past performance of the same or similar items, what is currently occurring, and what management perceives as the probable outcome. Further complicating matters, the weight to assign each type of information varies depending on the particular circumstances. But no matter how determined, unlike the score of a sporting contest, an estimate on the books or in financial statements is a prediction of what will happen, not the objective tally of what has already taken place.  For all these and a host of other reasons, the ACFE tells us that accounting estimates are always a fertile ground for every type of financial fraud.

What the forensic investigator brings into this mix is his or her informed, holistic approach (as outline above) to the detailed analysis of any specific, predicated fraud.   Legitimate assertion of managerial confidence in the business’s ability to achieve certain estimated results is one thing. A deceptive misinterpretation that is intended to generate a favorable estimate is another thing altogether and may pose a substantial investigative challenge well beyond the scope of most routine financial audits. Practicing forensic accounting investigators are trained to address the often vexing complexities and alternative rationales that may be offered to explain the difference between an estimate and an actual result. Given that estimates often constitute the cause of material differences in financial statement presentations, the ability to distinguish between the manipulatively self-serving and the merely incorrect is a critical element of many forensic investigations.

To get back to our newspaper case, U.S. auditing standards state that the main difference between fraud and error is intent. Errors are unintentional misstatements or omissions of amounts or disclosures in financial statements. So, errors may involve:

  • Mistakes in gathering or processing data from which financial statements are prepared;
  • Unreasonable accounting estimates arising from oversight or misinterpretation of facts;
  • Mistakes in the application of accounting principles related to amount, classification, manner of presentation, or disclosure.

Fraud, on the other hand, is defined in SAS 99 as an intentional act that results in a material misstatement. The motive or intent of an individual in making accounting entries is not the primary focus of the external auditor’s procedures as it is of the forensic investigators. Auditors direct their efforts toward determining objectively measurable criteria regarding account balances and transactions by asking: Do the assets exist? How much was paid? What is the basis of the estimate? Is it reasonable? How much was collected? Were the goods shipped to the customer? By asking questions such as these and obtaining evidence to support the estimate where appropriate, auditors can be better positioned to ascertain that the amounts in the books are correct. Thus, given the focus of the auditor, intent is not uniformly relevant; evaluation of intent is a subjective as opposed to an objective evaluation, and ascertaining intent is a difficult exercise at which the trained forensic accountant is highly skilled.

For the foreseeable future, corporate fraud will continue to present substantial challenges and opportunities for fruitful partnership between auditors and forensic accounting investigators. However, it must be recognized that the complexities of the business world and the ingenuity of highly educated, white-collar criminals will always manage to produce schemes that unfortunately go undetected until they reach significant proportions. Forensic accounting investigators will investigate, prosecutors will convict, and regulators will react with new and more requirements … and, without question,  the fraudsters will always be with us.

Who’s the Client?

lawyer_1While I was away on vacation last week our Chapter received an on-line comment-request from a CFE practitioner currently working on a fraud investigation for an attorney on the legal staff of a major international corporation.   The commenter was seeking some overview information relating to the protection of the content of her soon to be completed investigative report under U.S. law.  As I’m sure most of you remember, the attorney-client privilege applies where there is a (1) confidential (2) communication (3) between attorneys and their clients (4) made for the purpose of rendering or receiving legal advice.

To protect the report of an internal investigation, the report should be communicated to the lawyer (preferably the lawyer should initiate the investigation), it should not be distributed to anyone else, and it should be for the purpose of providing the lawyer information he or she needs to render a legal opinion or provide legal advice. The key element is that the attorney (whether in-house counsel-or outside counsel) is having the investigation conducted for the purpose of providing legal advice to the company.  The privilege generally extends to information gathered by investigators like our CFE enquirer if the investigator is acting at the direction of the attorney.

The ACFE tells us that the existence of the following will help ensure that communications gathered during the investigation will be protected under the attorney-client privilege:

–The communications were made by corporate employees to counsel;
–The communications were made at the direction of corporate superiors in order for the company to obtain legal advice from counsel;
–The employees were aware that the communications were being made in order for the company to obtain legal advice;
–The information needed was not available from upper management;
–The communications concerned matters within the scope of the employees’ corporate duties;
–The communications were confidential when made and were kept confidential by the company.

CFE’s and forensic accountants should not make the mistake of believing that just because an attorney is involved all reports and communications are protected by the attorney-client privilege. The privilege protects only those communications related to the attorney providing legal advice. Often courts will seek to determine whether the attorney was actually rendering legal advice or merely performing investigative services. Some courts have taken a narrow view of the privilege and have held that if the investigation could have been conducted just as easily by a private investigator, then the lawyer was acting as just that, an investigator, not as a lawyer; therefore, the privilege would not apply.

The ACFE cautions that the most often overlooked requirement is that the CFE’s report remain confidential. Even if a report meets all of the other requirements (prepared by a CFE for the attorney for the purpose of providing legal advice), the privilege will be lost if it is disclosed to anyone other than “the client.” In the corporate setting, it’s often hard to determine just who “the client” is. However, it’s generally clear that senior officials within the company are authorized to seek advice from an attorney on behalf of the company and to act on such advice. Accordingly, most courts have held that communications between an attorney and senior-level management are protected, while communications between an attorney and lower-level employees may not be.  Therefore, special care should be taken to ensure that the attorney-client privilege is not waived inadvertently by giving documents or communicating information to anyone outside the investigation team, including members of law enforcement. If information gathered during an investigation is shared with law enforcement, then the privilege may be waived not only as to the information given, but also to any other information relating to the same subject matter. This is known as “horizontal” waiver. Some courts have held that waiver of the privilege as to one document implies waiver as to all documents concerning the same subject matter.

If a fraud examiner or forensic accountant feels that a case should be recommended for criminal prosecution, the examiner should consult with the attorney before providing any information to government or law enforcement authorities. For example, if an investigator submits a copy of his report to the prosecutor who initiates criminal proceedings based on the findings in the report, the criminal defendant may be able to require the investigator to provide all the documents he or she used in writing the report. In such an instance, the investigator may be considered to have waived the privilege. Likewise, if law enforcement requests the results of an investigation or information gathered during an investigation, the attorney should be consulted before turning over the information. Some courts have held that the privilege is not waived if a company is subpoenaed to produce the information.

The work product doctrine protects materials that are prepared in anticipation of litigation.  the Supreme Court has set forth some protection for materials prepared with an eye toward litigation. The Court has stated that the doctrine promoted the “orderly prosecution and defense of legal claims” by providing attorneys with a zone of privacy that was essential to their role as an adversary.  People often mistakenly believe that the work product doctrine is connected to, or is part of, the attorney-client privilege. It is not. One of the main differences between the work product doctrine and the attorney-client privilege is that the work product doctrine is not a privilege. The work product doctrine is a provision of the discovery rules which provides that in certain instances, items will be protected from discovery. As such, the work product doctrine is really a “qualified immunity” from discovery. It differs from an evidentiary privilege (such as attorney-client privilege) in that even if the document falls within the definition of “work product,” the judge still can order that the document be produced if the opposing party can show “substantial need” for the protected information and that the information cannot be obtained from another source. However, even if “substantial need” is shown, the mental impressions and opinions of an attorney concerning the litigation are not subject to disclosure under any circumstances.

In virtually every lawsuit, there will be disputes about what must be produced and what is protected from discovery. The rules are not always clear, and they are not applied consistently in either the federal or state courts. One good, but not foolproof protection, is to put the phrase “PRIVILEGED AND CONFIDENTIAL” at the top of every document produced regarding the case. Of course, this statement is not evidence the document is legally privileged or protected, but it does show an intention to keep the communication confidential, and will alert others that the document contains sensitive information.

Some general exceptions to the privilege rule are:

–Only the holder of a privilege, or the holder’s designated representative, can assert the privilege.
–If the holder, after having notice and opportunity, fails to assert it, the privilege is waived.
–If the holder discloses significant information to someone outside the protected relationship, the privilege does not hold.
–The communication must be pertinent to the protected relationship (a physician and a patient must be discussing health issues), or there is no privilege. Ordinary discussion not deemed confidential is not protected.

The Client Waltz

waltzNot too long ago I attended a dinner meeting out of town and had a short discussion about field work with a fellow fraud examiner working her first fraud examination as part of an investigative team.  The corporate counsel of the client organization had directly engaged her small firm and my new friend and dinner partner was experiencing difficulty in gaining access to the client staff with whom she needed to work to perform her part of the investigation.  The root problem seemed to be that the engaging counsel had failed to adequately brief either the lead fraud examiner or his client on just how the examination was be conducted and, consequently the examiners were experiencing frustration because they didn’t think they were initially working with the right people to get their job done.

All too often, fraud examiners are asked to rely on a small number of primary contacts – such as the controller, chief financial officer, or business process manager – to supply all the information for an engagement. In some instances, these individuals may, as a result of confusion or worse, prevent the examiner from speaking with other members of the area under review – a practice referred to as shuttling. But regardless of whether this occurs, talking only with supervisors and managers may not elicit the detail and precision necessary for an effective review.  It’s critical that CFE’s know how to break down any barriers that keep them from those with actual knowledge of the fraud, while at the same time avoiding any damage to their rapport with the primary review contact (in this case, the corporate counsel).  This can be an intricate dance indeed! By enhancing their interpersonal soft skills, CFE’s can walk this delicate line more effectively and increase the likelihood of an outcome satisfactory to all parties. Several key skills, in particular, help fraud examiners gain access to all relevant client staff and elicit the kind of information that will result in a better investigative product.

As a general rule the CFE team leader should try to set up a detailed engagement planning and ground rule meeting with the primary examination contact(s) before starting the examination and then follow up with a formal engagement letter. Meeting the corporate counsel for lunch, for example, would have helped break the ice and provide a more relaxed environment for initial discussion then the hurried phone call from the client counsel that apparently took place in this case.  During the meeting, the lead CFE should try to identify some common ground that can be used throughout the engagement to shore up the relationship and help build rapport. S/he should also take note of the clients’ mannerisms and reactions and keep them in mind later when performing the review. When posing a tough fraud related question to the client, for example, the auditor can then observe whether the client’s mannerisms change compared to those observed while simply establishing rapport. Subsequent further probing on the part of the review team may be warranted if discrepancies are noted.

It’s always a challenge for a team of fraud examiners to quickly learn as much as possible about the business processes affected by a fraud before speaking directly with process owners. Otherwise, those involved with the fraud may perceive the CFE’s as ill prepared or uninformed and be prompt to try to take advantage of that ignorance. When any team member lacks familiarity with the client’s business, her credibility and professionalism may be called into question, and the relationship with the client can quickly become impaired.

Understanding the basic mechanics of client financial business processes up front enables the team to devote more of their engagement efforts to direct examination work. In other words, it helps ensure team member practitioners don’t spend an inordinate amount of time learning while on the job, focusing instead on staying alert for unusual transactions involving the fraud, changes in suspect behavior, and other potential issues. Moreover, examination subjects are more likely to point out more complex issues and solicit input if they feel comfortable with the examiner’s abilities. These insights, in turn, may lead to opportunities for documenting a wide range of situations useful later in court and subsequent recovery efforts.

And it goes without saying that team members should avoid excessively confident or arrogant behavior. In most instances client employees will know more about their operation than the investigative team, and they deserve respect for their expertise. Client staff should be lead to perceive the team as working collaboratively with them in a didactic manner to help resolve a difficult situation — this approach typically achieves the best results. By contrast, even a perception of an adversarial or gotcha approach can quickly sour the situation and compromise the entire process of the examination.

When asking the tough questions, the ACFE tells us that team members should avoid phrasing that may seem confrontational, and they should refrain from steering the response. For example, instead of saying, “You review the XYZ report weekly, correct?” the examiner could say something like, “Could you help me understand how often you review the XYZ report?” Essentially, CFE’s should ask open ended, nonthreatening questions, followed by requests for clarification. Also, be sure to express interest.  Team members should always try to show genuine interest in the subject’s work. In most instances, client employees are proud of what they do, and are pleased to share the details of their work with those they perceive as experts. Expressing interest can elicit valuable information and enhance the examination quality.  Interest is demonstrated by not appearing rushed and by asking relevant, informed questions.  Although this approach takes time (and CFE’s are always pressed for time), it can lead to insight and knowledge that always proves invaluable during the court room and prosecution phases that so often follow from our work product. For example, the unusual or infrequent irregular transactions/events that may not surface during standard interviews or via sample-based testing but are so vital to our work can often be highlighted in this manner.

Client employees contacted in the course of the investigation should be assured that the team is only interested in the facts and that no one is looking to judge them or their work product. Examiners need to listen carefully and objectively to subjects and avoid approaching discussions with apparent preconceived notions or biases. Maintaining impartiality will not only enhance our results, it should result in a stronger relationship with the main client, even when engagements lead to the confirmation of the suspected fraud.

Clarifying the significance of examination findings and discussing workable approaches for moving forward with the main client, help maintain the CFE to client relationship and establishes the CFE as a trusted fraud expert and advisor. For example, suppose the CFE, during her examination discovers that someone in the organization (not connected with the suspected fraud) has the ability to receive goods into inventory, perform physical inventory procedures (cycle counts), make inventory adjustments based on inventory counts, and directly write off damaged inventory to scrap. When reporting this collateral fact, the CFE might want to do more than simply document the apparent access and segregation of duties issues. S/he might want to elaborate on the finding’s significance for potential future fraud by mentioning the risk of loss of inventory (assets), as the employee’s level of system access provides an opportunity to inappropriately write off usable product as damaged, lost, or never received and then use it for personal gain. Descriptive interactions of this type add value to the examination by enabling our main client to fully appreciate the larger risks (even beyond the present fraud) associated with findings and take appropriate action to address them.

When identifying and framing any fraud related issue, CFE’s should keep its true level criticality in context. Managers and business leaders do not appreciate drama, and overreacting can hurt the examiner’s credibility and rapport with valuable future business contacts. Sticking to the facts can help keep almost any sensitive situation from spinning out of control.

Mindful management of the mechanics of client relations can change a stunted two-step into a graceful waltz.  All it takes is practice.

Make it Clear

drowning_paper“We are again honored to have another guest post from our friend and Richmond Chapter 2015 Vice-President, Rumbi Bwerinofa, CFE/CPA/CFF. Rumbi is a Director of the Queens/Brooklyn Chapter of the New York State Society of CPAs and a member of the NYSSCPA Litigation Services Committee. She is the editor of TheFStudent.com, where she discusses financial forensic issues.

Our Chapter members and other professional readers of this blog are encouraged to submit blog posts for publication here … in addition to publication credit, you establish yourself as an expert in the field of fraud examination and help other practitioners by sharing your valuable expertise!” – Charles Lawver-2015 RVACFES Chapter

Fourteen months after being indicted for criminal fraud in the 2012 collapse of the New York law firm Dewey & LeBoeuf, former firm chair Steven Davis, former executive director Stephen DiCarmine and former chief financial officer Joel Sanders all went on trial before Acting Manhattan Supreme Court Justice Robert Stolz.  The trio allegedly falsified audits and records to make the firm appear financially healthy from 2008 to 2011.  In the process, they lied to lenders and investors, stealing nearly $200 million from insurers and banks.   According to prosecutors, rather than tell the truth about the financial realities that faced the firm, the evidence demonstrated that the three defendants used fraud and deceit to intentionally falsify the true nature of Dewey & LeBoeuf’s financial position.  The trio met at Del Frisco’s steakhouse where they hatched a plan to cook their books and make it look like the firm was profitable when it was actually teetering on insolvency.  Despite the dire situation, the executives continued to richly compensate themselves with packages of more than $2 million a year until the firm’s 2012 bankruptcy.  But Davis’ defense lawyer insisted from the start that his client did nothing wrong. He blamed the woes of the firm, which once employed 3,000 lawyers, on the financial meltdown, and greedy partners who bailed after learning they wouldn’t get the extravagant bonuses they had in the past.

Dewey & LeBoeuf was formed in 2007 through the merger of the prestigious firm of Dewey Ballantine — founded by one-time New York Gov. Thomas E. Dewey — and LeBoeuf, Lamb, Greene & MacRae.

White-collar criminal experts at the ACFE say this case may be among the first to accuse law firm executives of accounting-related misconduct targeted primarily at lenders, misconduct, which in this case, directly contributed to the firm’s own demise.  While much of the testimony in the trial was less than riveting, the proceedings were closely watched in the legal community because it’s one of the rare times the top executives of a major law firm have been charged criminally with grand larceny and with a scheme to defraud. Over the course of the trial, several former Dewey partners, many of them well known within the legal profession, were called by the prosecution as witnesses.  In all, seven lower-level employees at Dewey pleaded guilty to lesser charges in hopes of receiving little or no jail time.

In reading about this complex, criminal fraud trial, I’ve been struck by what a long and complex ordeal it was for all those involved, but especially for the jurors who were expected to render judgment. Dewey LeBoeuf filed for bankruptcy in 2012, accused of creating falsified financial records in order to obtain financing from lenders and investors. There were more than 151 charges levelled against the three former executives of the law firm; after a trial that lasted four months, the jury deliberated for almost another month before finally acquitting the three defendants on dozens of the original charges.  A mistrial was declared on 93 of the remaining counts. Several of the defense attorneys said Manhattan District Attorney Cyrus Vance would likely retry the three Dewey & LeBoeuf executives; they and some jurors strongly suggested that Vance pare down the indictment, present fewer witnesses and, most importantly, call in some accounting experts to decrease the level of juror confusion regarding the multitude of complex accounting issues.

The extensive trail publicity brought to mind the overwhelming importance to the prosecution of the type of effective communication, outlined in a recent InnerAuditor post.  During the months-long trial, many witnesses were called to testify and the jury did received a lot of data. Several members of the firm’s finance department testified for the prosecution and detailed ways in which they manipulated financial records in order to make Dewey & LeBoeuf appear more profitable than it actually was. Jurors were asked to sit patiently through a long trial during which reams of complex financial information were presented to them non-stop. Opening statements were long affairs where lawyers for both sides spent hours trying to explain complex concepts like disbursement write-offs. At the end of it all, jurors reported that they wished they had received less data and more useful information on the accounting and financial issues themselves; information that  they could have used to more confidently come to a conclusion on the facts. For all its crowd of witnesses, the prosecution did not choose to include even one accounting expert. No one was on the stand to specifically frame all the allegations and accusations in a way that the jury could clearly understand. One juror stated that, as he had minored in accounting, he had tried to explain some basic accounting concepts to his fellow jurors, so they could, at least,  try to get a better handle of what exactly had happened at Dewey LeBoeuf and why it might be criminal.

The inconclusive outcome of this trial underscores the importance of having forensic accountants and fraud examiners prepare our reports and courtroom presentations in a way really useful to their intended users, whether those user be corporate managers or juries. I’m sure the witnesses were competent and sounded knowledgeable on the stand but, how effective were they if their testimony served only to fry the brains of the jury?  We don’t want any jury to be so bogged down by numbers and complicated, unfamiliar accounting terms that it misses what the real story is all about.

So, next time, if there is a next time, the prosecutor assigned this case should seriously consider engaging the services of a financial accounting/forensic accounting expert. Why?  Because I think the mistrial sufficiently illustrates the importance to the prosecution, and to the defense, of at least one witness who can explain complicated concepts and financial reporting requirements in a sufficiently straightforward manner to be understood by the layman citizens who make up our juries. Clearly it’s not just the quantity of the proof, it’s the quality.